Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.

Usual run-of-the-mill computer viruses and exploits don't usually harm one's health in the say that this has the potential to do. I mean, seriously - a virus could infect your insulin pump and kill you??

I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?

I know it's naïve to even ask, but would this be used in the wild? What special sort of sicko would do this for kicks?

The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.

The Darzhavna Sigurnost (Bulgarian Secret Police) and the KGB killed Georgi Markov on a bridge in London by stabbing him in the back with an umbrella that fired a ricin filled pellet. The ability to assassinate someone by infecting their insulin pump would be a goldmine.

...if your target happens to be a diabetic with an implanted insulin pump. Otherwise, it's just a pyrite mine. A poison will get you whether you happen to have an insulin pump or not.

Yes, but poison requires access. You have to be close enough to put it in the target's food or drink, or inject the target with the poison. Shooting the target leaves evidence - the bullet etc. However, this is a wireless attack, with a good antenna it probably can be done from quite far away and would leave no evidence.

I was using that as an example of how intelligence agencies love unconventional methods of eliminating targets. Now, granted, this kind of thing doesn't really happen too often, but it's always nice to have one more tool in the bag if you need it.

It's things like this that make me wonder if maybe dick cheney's new heart, which is uncommon for a 70 year old to get, might have been in part a security issue with the device he did have (not necessarily a problem like the one described in TFA).

The family and/or leadership of 'bad' country. The boss of a 'bad' company. The boss of a 'bad' area exporting drugs/weapons without state support. The top science person of a "bad" research centre.. That lone wolf blogger who "was" somebody/got a real story....
You really think all the interest in home wireless is just to watch your web cam, track your power needs and log your mail/web 2.0 use?http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/ [wired.com]

Stuxnet could cause death too, with poorly designed lockouts ( for example ). Just have a robot wait a few moments after the lock is engaged then swing wildly.. trying to catch a person in the cage with it.

That's just the thing though, with this exploit, you could kill that old lady at a distance in a way that looks like an equipment malfunction and leaves no evidence that you were ever there. It's a much smaller pool of potential victims and a smaller pool of potential perpetrators, but a much lower risk crime.

All in all, I think people with an insulin pump would rather not have the vulnerability.

It depends on whether you have to adapt the "virus" to the specific device or not. If not (or you can write a script to do that for you automatically), then someone may just walk with a transmitter programmed to send the virus in a busy street or some concert and see how many people die. After all, there are serial killers who do it for the fun of killing, not the money or something else.

An insulin pump is NOT implanted inside the user's body, and it is NOT a medical implant. A small, disposable cannula attached to the pump via plastic tubing is inserted by the user under the skin just a few mm, and is exchanged by the user every few days. There is no permanently inserted component to an insulin pump.

Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth! Someone who is not insulin resistant using a 200 unit model would get 6, 7 days out of it tops. People who use the bigger ones because they are very insulin resistant might use 300 units in just a couple of days.

The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."

This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains. Some people require a very large amount of insulin for very small amounts of carbs, some people require barely any insulin for a large amount. Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."

While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full. But that's all assuming we're taking someone who has clearly made several mistakes in their reasoning for their word when they say they can access these devices.

If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump. It would involve the manufacturer mailing you a replacement and you switching it out.

Also, pump's cartridges to hold insulin typically range from 200-300 units. Contrary to the article's claims, this is not 45 days worth!

In an implanted pump, it probably would be a larger supply.

The BBC article also states "Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble"."

This is very flawed as well. Typically, insulin is taken before a meal whenever possible, and how "heavy" the meal is, is irrelevant. What matters is the user's insulin to carb ratio (how much insulin they need to properly use a gram of carbs) and how many carbs the item they eat contains.

I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.

Also, when a person relies on an insulin pump, they're not just adding insulin to their body during mealtimes, the vast majority will be using it to deliver a "basal" dose of insulin, or a small amount of insulin 24/7 to stay alive (as this is a function normal non-diabetic bodies perform.) They also use it to deliver corrections, or small doses of insulin in response to blood glucose levels that are higher than expected after meals or throughout the day. A pump is not just a device you use after a "heavy meal."

Again, a simplification, but I'm not sure it's a severe oversimplification in an article written for a general audience; it doesn't invalidate the point of the article.

While it is true that an insulin cartridge unwillingly emptied into a patient poses significant danger, even without an alarm, I suspect 99% of people would be able to quickly notice such a large dose of insulin being delivered. You can see and feel insulin being delivered that rapidly. And if they happened to miss it, that's what frequent monitoring of blood glucose (which is required for all insulin pump users) is for. Sure, taking 200-300 units more than you should have would be a world of suck, but if you had access to food to eat or a sweet drink or glucose tablets, it's very likely an experienced diabetic would survive that sort of incident... to say nothing of if the cartridge wasn't full.

Well, for an implanted pump, it could be a lot more than 300 units; how fast it takes action is another matter, so maybe spending a while with your local store's entire supply of orange juice might be sufficient.

If more security were implemented in an insulin pump, there would certainly be no "frequent surgeries to replace the batteries," as the battery is (like the entire pump) stored in an external pump.

yes there is such a beast as an implanted pump, but in practice, the things are very, very rare and you are unlikely to meet any diabetic who is even aware that the device exists, let along find someone who has one.

The version that is out there is 20 years old and is basically being maintained, there isn't new models coming out all the time. Common approaches to security 20 years ago is not the same as we would view them now.

Yes, it is something that should be addressed in future models (if they ever

Of course you can just, 'um', check wikipedia http://en.wikipedia.org/wiki/Insulin_pump [wikipedia.org]. So not all insulin pumps are wireless just some, some are even bluetooth. Simplest wireless security that doesn't need any money going to macaffee, an on/off switch for the wireless controller and just to make sure a red warning led when wireless is active . As for security some units have a backup controller which checks the main controller for accurate function many times a day.

Even from the (rather poor) description in the article, it's clear that they're describing a standard Medtronic brand external insulin pump. (There are other brands, but Medtronic is by far the biggest.) 300 units is the standard reservoir size for those; that's about a 4.5 day supply for me, a typical Type 1 diabetic, so I'm guessing that they simply misplaced a decimal point.

As for surviving a 300-unit overdose... well, for me, that would require about 3,600 grams of carbohydrate to make up for it.

I suspect by "heavy meal" he meant "carb-heavy meal". It might have been clearer had he said "carb-heavy meal", so nobody thought that chowing down, say, a 16-ounce filet would require a large bolus. And, yes, your mileage may vary depending on the insulin/carbs ratio. I'm not sure either of those are severely bad oversimplifications, though.

A 16oz Filet Mignon has zero carbs.

...which is why I mentioned it - it's arguably a heavy meal, but no bolus would be needed.

As long as "Sugar" doesn't mean only "actual sucrose or glucose or fructose or... in the dish"; a nice big plate of rice would not have much of those simple sugars, but it'd have a pile-o-carbohydrates (about 51 g/cup of cooked white rice, and 45 g/cup of cooked brown rice, if I remember correctly).

There are different kinds of pumps. The most common is the type you describe, but there are in fact implantable insulin pumps which get refilled via syringe, and this is the type described in the article:

"The pumps hold 300 units of insulin, enough for about 45 days, and are refilled by a syringe."

Do not discount the threat of this process overnight. With my mom's history her real danger is at night. She has slept through the pump alerts including vibration. There are advantages to having a small dog or two on the bed.

Probably unpleasant but not impossible, if your life depended on it. What does a typical bottle of coke contain? It wouldn't have to be instant if you caught it early enough, spread over an hour wouldn't be so bad.

A 2 liter bottle of Coke only has 225 grams in it, so you'd need about 5 of those. You seem to have a really high insulin:carb ratio, though; mine is 1:12, and I believe that 1:15 is typical. So I'd need about 16 bottles of Coke; I'm pretty sure at that rate of consumption, water poisoning would become an issue, so it would be better to stick to solid sugar. I think I'd just try to get to a hospital and get them to give me their entire supply of glucagon.

... it seems like if beaming a RF signal is all it takes to control the device, it's a terrible, terrible design.

If I were designing an implantable device that I wanted to be robust to attacks like this, I'd build in a two-stage security system. The first would be a piezoelectric element connected to an oscillator tuned to a particular frequency that acts as a switch for the radio receiver; only when exposed to a strong signal at the appropriate frequency will it even start *listening* for an RF signal. The

That's like saying "we should have a phone that we call to turn on the phone we want to call". If they're going to require solid contact with the patient, they might as well use some sort of contact-based communication, like ultrasound or small currents or whatnot. What if you have a jumper sticking out of your arm, and when you short it, the RF control mode is activated? (I'm only half joking)

Who needs to update their heart from 300 feet away? One of the articles discusses encryption as a solution -- because the person is an idiot. My heart doesn't have any encryption. It has one very important security feature: it doesn't talk to devices 300 feet away.

It's very easy to screw with my organs, you come up to me and you hit them. It's really easy.

So who decided that an insulin pump needed full-range wireless connectivity? How about 3 inches. 3 inches would have been great. It's already refilled by a seringe. Ignoring, for the moment, that a seringe-like probe could have updated it without anything being wireless, a simple short-range induction or vibrational signal, or even IR -- actually, IR would have been fantastic because it would have been obscured by clothing, a security device that has resulted in every doctor everywhere asking patients to disrobe, and then leaving for another random amount of time.

but no, let's use a technology designed for long-distance communication. We talk to space telescopes and voyager probes this way, so it clearly makes sense that implanted devices be accessed this same way -- you know, in case voyager wants to screw with us.

like I said, light, even visible light works. vibrations also work. and anything blocked by clothing works. or hey, here's a bright idea, uni-directional wireless ought to be as easy as a headlight. require line-of-sight, which won't be reliable when a person is moving. or a hair-antenna as a contact device. one blue hair. or go full wireless but require a vibrational authentication. make me punch myself to authenticate an update. or make me use a device with a set vibrational authentication patter

Why does this kind of security vulnerability even exist in this day and age? Considering how compact solid state data storage is these days, there's no reason I can think of whatsoever that a vulnerability like this should exist. This is the perfect use case for a one time pad. It's simple. You generate some random data and save a copy of it on three storage devices. One copy goes into the pump, another copy goes into the external wireless controller, and the last copy goes into a safe somewhere. When the w

While this is interesting and all and potentially could be used at a high value directed target, as a general problem it's pretty limited. There aren't many insulin pumps out there, there are several manufacturers and I would imagine the exploit is device specific.

I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't

Who needs a high-value target when you could hold any diabetic hostage for ransom? All it takes is a vulnerable wireless router with a sufficiently flexible transmitter, and the ability to scan for a nearby victim. Barring the implacable reality of device incompatibility, this is scary stuff.

I completely agree, if this gets in the wild what would stop some sociopathic miscreant from sitting outside of a wal-mart or whatever and randomly assassinating people using their insulin pumps. I don't think profit has to be a factor in the equation when the human animal is involved and a persons death is the end result.

Ahh, but this is nearly undetectable. While some people COULD come together and go all CSI and maybe find a few suspicious people, it wouldn't be 'beyond a shadow of a doubt' to see someone standing around in front of Walmart with a backpack on.

Relative safety increases the chances some psycho is going to try to fulfill their desires. If people suddenly had a 99% chance of robbing a bank and getting away with it, there'd be a lot more bank robberies.

It's kind of problematic if you want to hold a random arbitrary person hostage, though. First you'd have to give them diabetes. So maybe buy them a big gulp or something. And maybe an Xbox to keep them from exercising. It'd have to be a kinect-free Xbox. And a comfy chair. Then wait while they get an insulin pump installed. Seems like there are easier ways to hold people hostage...

You're thinking about the problem backward—just scan for people with diabetes and hold them hostage. If they've got one of these expensive insulin injectors and they're in the US, then they're probably filthy rich already.

Or, you know, they have health insurance. It's actually not that difficult to get insurance companies to pay for pumps: they know that pump use results in much better blood sugar control, which results in a much lower risk of (even more expensive) complications down the road. I've had three different insurance companies pay for an insulin pump at this point (they need to be replaced after about five years).

Wait, what? Are these medical devices connected to the internet? If you need to use typical wireless, the range and "visibility" won't be that different from a gun, though I guess people sometimes do call the police when they hear gunshots (though not in some neighborhoods I've lived in).

1. Find some kind of radio that (a) is online, (b) is common, (c) can be hacked into, and (d) can be tuned to interact with the medical devices. This lets you connect the medical devices to the Internet. It may very well be impossible to find such a device, or it may be as common as a cheap Chinese phone with built-in FM transmission for car dashboard integration. I dunno. Too tired to RTFA.

2. Break into a large number of these radios and scan the area around th

I don't use a pump but the ones I've seen over here in the UK contain the insulin in cartridge form and attach to the patient's belt, with a delivery tube going to the belly. If I was wearing a pump and got an email demanding cash to save having a massive insulin dose delivered, what's to stop me physically removing the insulin delivery tube from my belly so the insulin can't be delivered, then using regular injections instead?

The fact they can be hacked is bad news bears and should be corrected but I th

To be clear here, the wireless in use has nothing to do with WiFi aside from being radio communication. You cannot control/hack/disable these things with a wireless router - they require very specialized equipment to produce the correct radio signal.

Okay, perhaps not any old wireless router will be sufficiently reconfigurable, but there's probably [i]something[/i] common enough that's online and could be rewired to act as a scanner for these things.

While this is interesting and all and potentially could be used at a high value directed target, as a general problem it's pretty limited. There aren't many insulin pumps out there, there are several manufacturers and I would imagine the exploit is device specific.

I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.

Apple has a patent on magnetically connected cables that they are pretty aggressive about protecting so that wouldn't work. On the other hand I have a deep fryer that has a similar cable that pre dates Apple's implementation by several years.

I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.

Because they're implanted devices. Presently absolutely no-one has any good idea on how to reliably expose a control interface (say, through the skin) without creating a massive risk of infection, or just injury (from mechanical trauma if it snags on something or whatnot).

You also can't just go threading wires through a person willy-nilly like you'd need to do to create useful induction interface (not to mention the danger that you could probably talk to such a thing wirelessly anyway, with the body acting

No, they're not implanted. Implanted pumps do exist, but it's pretty clear that they're talking about run-of-the-mill Medtronic brand external insulin pumps in the article, even if they get some of the details wrong. People still like to wear those under their clothes and control them with a wireless remote control, though.

I'm not sure just why the manufacturer thinks the pump needs to have a wireless function though. If it needs to talk to another device, I would have used a small magnetic cable (so it doesn't get pulled out). Easy peasy as opposed to convincing a wireless device to talk to something else.

Mostly because some people wear the pump under their clothes (means you don't have a clunky, pager-sized device sitting on your belt or in your pocket with a tube running under your shirt) and use a small wireless remote control to talk to it. The pump also uses wireless communication to talk to blood glucose meters and sensors, but that doesn't control the delivery of insulin.

Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?

Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.

So what?If someone throws a rock into your windshield, you die. We still drive cars.Hell, if someone sticks a knife into you, you die. Everyone uses knives.

If someone wants you dead, there are a miriad ways to do it. The problem is not with those attack vectors, but with the fact, that someone is after your life.This is not a 'security breach', is is murder. And it takes a murderer to do it.

This is just another case of 'same old, but now on the intertubes/with a computer!!'.

True, but most people don't come with "instant wireless death button" enabled.

Pretty sure a bullet counts as wireless, unless someone's mugging you with a TOW missile. Not to say this shouldn't be secure on general principles, but the limiting factor on killing someone will always be the will to do so.

I think the fear of this comes not from the fact that it's possible, but the fact that it seems much more difficult to investigate, and thus more appealing to a would-be killer, than other forms of murder. Harder to investigate translates to less likelihood of getting caught, which in turn translates into less apprehension about committing the crime.

Try essentially impossible to investigate. How many people do you walk within twenty feet of in any given week? Any given year? Now imagine that any one of those people might have been the person who injected code that waits a predetermined period of time, does something bad, and then erases the location where the time delay is stored so that the original value cannot be recovered after the fact.... Or worse, overwrites the time delay with a value that implicates someone else.

Yeah but a lot of the time people don't kill other people because of the evidence trail, or just sheer inconvenience of it. If it was as easy as hitting a "run" button on your smartphone, people might not be so hesitant. The fear of being caught keeps a lot of people honest and if people didn't have that fear, how honest would people really be in today's society? I doubt that i'd have the restraint at, say, a westboro protest or a teaparty rally.

If someone sticks a knife into me, I die, but he leaves evidence, maybe someone sees him. Throwing a rock into my windshield (when I'm driving) is quite difficult. Also, the murderer needs to be stronger than me, or I could fight him off or run away.

Shooting me with a pistol is loud and someone will most likely hear the gunshot, maybe see the killer running away with the gun or throwing the gun away. Also, a gun is quite difficult to get (in my country), I assume the murderer won't want a legal gun that can

In almost every country on the planet, it is significantly easier to (legally) obtain a bolt-action rifle than a handgun. There is nothing particularly special about a "sniper rifle" -- it is typically just a standard bolt-action rifle with a scope.

A special "sniper rifle" would most likely be designed to be accurate over longer distances than a regular bolt action rifle. While it may be a bit easier to get a permit for a bolt action rifle, but then it would still be difficult to conceal it to get to the rooftop or wherever and to hit anything with it over a long distance, so it means that the killer would need to really want me dead to buy the rile, practice with it etc, compared to just downloading a couple of scripts to run on a Linux live CD.

It's also worth noting that people throwing rocks off overpasses at cars has in fact killed a number of people, was done by 13 year olds (in at least one instance I recall) and has more or less led to all of them being enclosed in steel mesh to prevent anything much larger then a pebble being dropped/thrown off them.

I sort-of agree with you. One problem is the reduced evidence though. At this time, a murder would possibly not even be recognized as such. However, after a transitional period, forensics will get better and these devices will get secured with cryptography. The statement in the BBC article about not enough energy is nonsense. For example, you could interact while providing energy via a coil placed close to the device. And crypto done right does not require that much energy anyways. It is just a competence p

As a member of the Walkman generation, I have made peace with the fact that I will require a hearing aid long before I die. It won't be a hearing aid, though; it will really be a computer. So when I get into a car—a computer that I put my body into—with my hearing aid—a computer I put inside my body—I want to know that these technologies are not designed to keep secrets from me, or to prevent me from terminating processes on them that work against my interests.

We need to change the way that the industry and the regulators think about these kind of devices. Security by obscurity is just not good enough.

As patients (now and in the future) we should require/demand that all of the software in these dev